I Watched Hackers Pull Off A Real Life Ocean’s 11 Heist

_________________________________________________________________________
GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET

The scene was set: a surveillance camera, a safe full of money in a Las Vegas casino, a pair of thieves with lock picking tools and a laptop. I watched in awe as the skinny geeks clipped wires and rewired the feed so that it would loop ad finitum. Basically, they recreated the climax of Ocean’s 11 before my very eyes.

But there were no police, and there was no big getaway. I was sitting in hotel conference center at DEF CON 23, the infamous hacker conference that brings hundreds of would be deviants to Sin City to learn how to do things like break into safes. The two hackers on stage were Zack Banks and Eric Van Albert, two MIT alums with a penchant for physical security. They pulled off the mini Ocean’s 11 heist in real time so that they could show off a technique for compromising an ethernet connection in order to gain access to surveillance cameras and loop the feeds without getting caught.

The hack itself is simple enough. Using a custom-made tap board, Banks and Van Albert successfully spliced into an ethernet cable connected to a surveillance camera. The hardware enabled the hackers to connect a man-in-the-middle device to the ethernet cable without interrupting the surveillance camera feed. Then, they used a software hack to create a loop from the video feed. They even clipped out the time stamp from the live feed and pasted it over the looped clip, so that it would appear as if the camera was recording in real time. Once they switched from the live feed to the loop, one of the hackers used the lockpicking kit to break into a miniature safe and steal all of the coins.

Pretty cool, huh? The similarity of the hack to the plot of Ocean’s 11 is hardly an accident. Back in May, Banks and Van Albert published a white paper describing the methodology of the looping surveillance camera feeds and listed Ocean’s 11 as inspiration for their research. “We set out the re-create [the attack] as true to the movies as possible to demonstrate exactly how practical it would be to create a camera loop,” they wrote over an image of the devices used in Ocean’s 11 and National Treasure.

But it’s encouraging that well-meaning hackers like Banks and Van Albert are discussing their work so publicly. At the end of the day, they’re striving to make public the vulnerabilities of physical and cyber security so that we can all be a little bit safer. If you’re feeling frisky, you can even recreate the hack yourself, since all of the code is public on Git Hub. Quick pro tip, though: Don’t try to rob a casino. As we learned in Oceans 12, it really pisses off the owners when you take all their money. And you don’t want the casino crowd mad at you.